If this is your first visit, be sure to
check out the Forum Rules by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

What is this?EvilGrade: &quot;ISR-evilgrade: is a modular framework that allow us to take advantage of poor upgrade implementations by injecting fake updates.&quot;Metasploit: &quot;Evilgrade Will Destroy Us All.&quot;

This is a &quot;semi automate&quot; script to help set-up an environment for EvilGrade so it can work its magic, and then there is a video demonstrating it in action which shows the effects of EvilGrade. EvilGrade is simply, another &quot;option&quot; to do after performing a &quot;Man In The Middle&quot; attack, that tricks certain software to believe there is an update available when really it's the attacker payload.

How does this work?
EvilGrade: &quot;It works with modules, each module implements the structure needed to emulate a false update of specific applications/systems.Evilgrade needs the manipulation of the victim dns traffic.&quot;

EvilGrade creates a web server, which when a program's auto-update feature queries back &quot;home&quot; to check for an update, EvilGrade creates a spoofed updated version. The program then notify the target that there is an &quot;update&quot; available, and would they like to update. The danger of this is most users trust the program with the &quot;auto update feature&quot; and download and executes the update, when in reality, this is our payload.

What do I need?
> EvilGrade + Any Requirements (Data:ump, Digest::MD5, Time::HiRes)
> A Payload (I'm using metasploit and SBD)
> A method of doing a MITM Attack (I'm using arpspoof - part of dsniff suite)
> A way to spoof DNS (I'm using dnsspoof - part of dsniff suite)
> evilGrade[v0.1.3].sh (only if you wish for a helping hand to automate a few steps)
> evilGrade_install[v0.1.3].sh (only if you wish for a helping hand to get this working with BackTrack 4 Final)

How to use it?1.)Download the script(s)
2.) Install EvilGrade. (If your lazy use the script!)
3.)Check to see what interface is going to be used. (via ifconfig)
4.) Edit evilGrade[v0.1.3].sh (via kate evilGrade\[v0.1.3\].sh) to make it work with your system
5.) bash evilGrade\[v0.1.3\].sh OR bash evilGrade\[v0.1.3].sh TargetsIP (bash evilGrade\[v0.1.3\].sh 192.168.1.101)
6.) Pick your which software to attack. (via show modules)
7.) Pick your &quot;agent&quot; (Which program to insert/inject/replace the update)
8.) Check any other options (via show options)
9.) Start
10.) Wait...
11.) ...Game Over.

How can I protect myself from this?
> Don't use the self updating features on software.
> When prompted about an update, visit the official homepage to download the update.
> Check the official homepage for a MD5/SHA1 hash.

Notes:
The video uses evilGrade[v0.1].sh
It's worth doing this &quot;manually&quot; (without the script) before using the script, so you have an idea of what's happening, and why. The script is only meant to save time.